Pages

Thursday, May 4, 2017

This past week a massive phishing scam impacted millions of Google users. You may have seen this email. Clicking "open" gave a hacker access to your address book and email, allow them to send the same email to everyone in your address book.

While annoying, this attack wasn't terribly malicious. The hacker did NOT get your password - they just sent out a LOT of emails.

This issue is a good reminder that we need to be vigilant when working on the web.

How can you protect your Google Account?

1. Think before you click - the original email looks nothing like a normal Google Drive email. That should have been the first clue.

Bonus tip: If you share a file with someone via Google Drive, I strongly encourage you to write a short note explaining why you are sharing the file. This will help your recipient verify that you are the one sharing this file with them.

2. Don't just click "allow." For most of us, this is a familiar screen, but don't just click "allow."Make sure you know who you are giving your account information to. In the Docs phishing scam, clicking the "open" button prompted the user to give access to an app called "Google Docs." This is suspicious because you don't have to give Docs permission before you can view a file.

3. Periodically review your connected apps. Single sign on with your Google account is awesome. But over time you can have dozens of services accessing your data, even ones that you aren't using any more. If any of these services are compromised, you could be at risk (this recently happened with my account). Remove any apps or extensions that you no longer use.

To review the services that are connected to your Google Account, click here.

Issues like the Google Docs phishing scam are bound to happen. It will happen again. Make sure you learn how to secure your personal information and follow appropriate security practices. What are these practices? Check out the series of posts that I wrote on data security for teachers: